Problem with AD-Integrated DNS

Home Forums Microsoft Networking and Management Services DNS Problem with AD-Integrated DNS

Viewing 1 post (of 1 total)
  • Author
  • Avatar

    We’re seeing many of our clients with the error below. We’ve got an AD-Integrated DNS environment with three DCs (Server 2008R2) in two AD sites. When I look at the DNS zone properties, dynamic updates are set to “Secure only” and we’re set to scavange stale resource records. The no-refresh and refresh intervals are both three days.

    Event Type: Warning
    Event Source: DnsApi
    Event Category: None
    Event ID: 11163
    Date: 10/21/2011
    Time: 12:04:47 AM
    User: N/A
    Computer: computerName
    The system failed to register host (A) resource records (RRs) for network adapter with settings:

    Adapter Name : {4289B34B-E624-4D58-89AC-19784205E70F}
    Host Name : computerName Primary Domain Suffix :
    DNS server list :,,
    Sent update to server :
    IP Address(es) :

    The reason the system could not register these RRs was because the DNS server failed the update request. The most likely cause of this is that the authoritative DNS server required to process this update request has a lock in place on the zone, probably because a zone transfer is in progress.

    You can manually retry DNS registration of the network adapter and its settings by typing “ipconfig /registerdns” at the command prompt. If problems still persist, contact your DNS server or network systems administrator.

    For more information, see Help and Support Center at
    0000: 2d 23 00 00 -#..

    Since this is widespread and running “ipconfig /registerdns” doesn’t seem to help, I don’t think a zone transfer in in progress.

    I ran dcdiag on a DC and got back the following result for each DC:


    TEST: Delegations (Del)
    Error: DNS server: IP:
    [Broken delegated domain]
    Error: DNS server: IP:
    [Broken delegated domain]
    Error: DNS server: IP:
    [Broken delegated domain]

    What does that mean and could it be related to our dynamic update failure?

    I supposed it goes without saying, but looking at the list of DNS entries on the server shows a bunch of mis-matches. How would I go about finding and fixing the source of this issue?

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.